Unggul Axiom

SECTION 3.0

Governance & Approvals Flow

To protect sensitive records, the portal uses an approval system. This ensures major actions - like editing locked documents or lowering file security ratings - are reviewed by supervisors.

File Locking Rules

To maintain document write integrity during collaborative drafting cycles, users can lock files. The governance rules apply distinct behavior boundaries:

Concurrent Edit Prevention

When a document is locked, standard users (such as staff) are blocked from rename, relocate, edit, or delete actions. Collaborator updates return database conflict errors.

Lock Hierarchy & Override

Bypass authority scales with clearance tiers. Users with director or chief roles can override, modify, or release locks set by staff accounts directly.

The 6 Governance Actions

You can request permission to perform 6 main actions on protected files:

Lock File

Request to freeze a file. This blocks edits or deletes from other staff while a document is under official review.

Unlock File

Request to release a lock. You must explain what edits you need to make to the file.

Increase Security Level

Move a file to a higher security tier (e.g., from Open to Confidential) to restrict who can see it.

Lower Security Level

Decrease security restrictions. Requires strict justification to ensure sensitive information is not exposed.

Move File

Move a protected file to a different folder. You must select the target destination folder.

Delete File

Request to move files or folders to the Trash bin for deletion. Requires review to prevent accidental data loss.

How Security Label Changes are Checked

The backend validates classification transitions using parameterized verification queries executed inside database transaction scopes:

When a user requests to change a security classification rating, the handler executes a database row lock (`FOR UPDATE`) to fetch current classification states:

Classification Upgrades: The system validates that the target tier is strictly higher in clearance rank (e.g. from TERHAD to SULIT). Upgrades that match the current rank are rejected.
Classification Downgrades: Considered high-risk operations. The system requires direct verification approval, restricting approvals to director+ accounts.

Simple Request Lifecycle

How approval requests proceed:

Submission

Select a file, open the **Governance Request Panel**, pick the action you want, and enter a quick reason explaining your work.

Supervisor Review

Your request is sent to your supervisor or department lead. They check the file details and read your explanation.

Verdict

The supervisor approves or rejects the request. System notifications immediately inform you of their decision.

Execution

Once approved, the system automatically applies the change (e.g. unlocks the file or updates the security rating label).

SECTION 3.0

Governance & Approvals Flow

To protect sensitive records, the portal uses an approval system. This ensures major actions - like editing locked documents or lowering file security ratings - are reviewed by supervisors.

File Locking Rules

To maintain document write integrity during collaborative drafting cycles, users can lock files. The governance rules apply distinct behavior boundaries:

Concurrent Edit Prevention

When a document is locked, standard users (such as staff) are blocked from rename, relocate, edit, or delete actions. Collaborator updates return database conflict errors.

Lock Hierarchy & Override

Bypass authority scales with clearance tiers. Users with director or chief roles can override, modify, or release locks set by staff accounts directly.

The 6 Governance Actions

You can request permission to perform 6 main actions on protected files:

Lock File

Request to freeze a file. This blocks edits or deletes from other staff while a document is under official review.

Unlock File

Request to release a lock. You must explain what edits you need to make to the file.

Increase Security Level

Move a file to a higher security tier (e.g., from Open to Confidential) to restrict who can see it.

Lower Security Level

Decrease security restrictions. Requires strict justification to ensure sensitive information is not exposed.

Move File

Move a protected file to a different folder. You must select the target destination folder.

Delete File

Request to move files or folders to the Trash bin for deletion. Requires review to prevent accidental data loss.

How Security Label Changes are Checked

The backend validates classification transitions using parameterized verification queries executed inside database transaction scopes:

When a user requests to change a security classification rating, the handler executes a database row lock (`FOR UPDATE`) to fetch current classification states:

Classification Upgrades: The system validates that the target tier is strictly higher in clearance rank (e.g. from TERHAD to SULIT). Upgrades that match the current rank are rejected.
Classification Downgrades: Considered high-risk operations. The system requires direct verification approval, restricting approvals to director+ accounts.

Simple Request Lifecycle

How approval requests proceed:

Submission

Select a file, open the **Governance Request Panel**, pick the action you want, and enter a quick reason explaining your work.

Supervisor Review

Your request is sent to your supervisor or department lead. They check the file details and read your explanation.

Verdict

The supervisor approves or rejects the request. System notifications immediately inform you of their decision.

Execution

Once approved, the system automatically applies the change (e.g. unlocks the file or updates the security rating label).

Strategic Portal Manual

Governance & Approvals Flow

File Locking Rules

The 6 Governance Actions

How Security Label Changes are Checked

Simple Request Lifecycle

Strategic Portal Manual

Governance & Approvals Flow

File Locking Rules

The 6 Governance Actions

How Security Label Changes are Checked

Simple Request Lifecycle